1.888.900.DRIZ (3749)
The Driz Group
  • Managed Services
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog
  • Managed Services
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog

Cybersecurity Blog

Thought leadership. Threat analysis. Cybersecurity news and alerts.

1/4/2021

0 Comments

A Lookback of the Cybersecurity Threats in 2020

 
cybersecurity threats in 2020

A Lookback of the Cybersecurity Threats in 2020

The world dramatically changed in 2020. The abrupt work from home shift to anything online such as online shopping opened up a plethora of cybersecurity threats at a scale never seen before.

Most Notable Cybersecurity Threats in 2020

Here are some of the notable cybersecurity threats in 2020:

1. Threats Associated with Collaboration Apps

The work from home shift gave rise to the demand for collaboration tools such as Microsoft Teams, Slack, and Zoom. In 2020, threat actors turned their attention to these collaboration tools.

In 2020, the term “Zoombombing” was coined. This term refers to uninvited threat actors viewing Zoom meetings or sharing pornographic images and content.

Last year, threat actors leveraged association to Microsoft Teams – referring to the communication platform developed by Microsoft which features chat, videoconferencing, and file storage. In October 2020, Abnormal Security reported that up to 50,000 emails were observed spoofing employee emails and impersonating Microsoft Teams.

“The email pretends to be a Microsoft Teams notification email notifying the recipient that they have received messages and their teammates are trying to reach them,” Abnormal Security said. “The link landing page also looks convincingly like a Microsoft login page with the start of the URL containing ‘microsftteams’, lending further credence.”

2. Remote-Working Tools Exploitation

An IBM study released in June 2020 showed that 83% of employees were provided little to no ability to work from home prior to the sudden work from home shift. The IBM study further found that 53% of employees used their personal laptops and computers for business operations, while 61% also said their employer hasn't provided tools to properly secure those devices.

In 2020, threat actors actively exploited remote-working services such as virtual private network (VPN) services. In addition to masking internet protocol (IP) address so that online actions are virtually untraceable, VPN services promise secure and encrypted connections.

Security researchers, however, discovered security vulnerabilities in many VPN services. Even as VPN service vendors released patches fixing these security loopholes, many users delay the application of these patches, leading threat actors to exploit these unpatched security vulnerabilities.

In April 2020, the Canadian Centre for Cyber Security and U.S. Cybersecurity and Infrastructure Security Agency issued separate alerts warning organizations about the continued exploitation of the security vulnerability in Pulse Secure VPN, in particular, CVE-2019-11510 – a security vulnerability that allows a remote, unauthenticated attacker to compromise a vulnerable Pulse Secure VPN server, allowing an attacker to gain access to all active users and their plain-text credentials.

3. E-Commerce Threats

Among the effects of the lockdown measures in 2020 has been a huge spike in e-commerce business. Imperva reported that web traffic to retail sites spiked by as much as 28% on the weekly average. In “The State of Security within E-commerce,” Imperva reported that among the cyber threats faced by e-commerce businesses in 2020 were DDoS attacks and bad bots.

DDoS, short for distributed denial-of-service, refers to a cyberattack that attempts to disrupt the normal traffic of online resources such as websites, overwhelming the target or its surrounding infrastructure with a flood of internet traffic. DDoS attacks are launched by hijacking multiple computer systems, including Internet of Things (IoT), as sources of attack traffic.

According to Imperva, it monitored an average of eight application layer DDoS attacks a month against retail sites as lockdown measures led to an increase in demand for online shopping.

Bad bots, meanwhile, refer to software applications that run automated tasks over the internet for malicious purposes, for example, automatically scanning websites for software vulnerabilities and exploiting these vulnerabilities. According to Imperva, bad bots are the top threat to online retailers before and during the imposition of the lockdown measures.

4. Supply Chain Attack on SolarWinds

Year 2020 ends with one of the biggest cyberattacks: the supply chain attack on SolarWinds. On December 13, 2020, SolarWinds admitted that it fell victim to a supply chain attack.

In a supply chain attack, a threat actor gains access to your organization’s IT systems via an outside partner or third party that has access to your organization’s systems and data. According to SolarWinds, a threat actor gained access to its Orion Platform software source code and inserted the malicious software (malware) called “Sunburst.”

This malware ended up in the Orion Platform software update, specifically for versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1. According to SolarWinds, if present and activated, the Sunburst malware could potentially allow an attacker to compromise the server on which the Orion Platform software runs.

Open-source reports showed that the U.S. Treasury Department and other U.S. Government Departments had been compromised. Microsoft recently admitted that the SolarWinds supply chain attack also affected its own systems. Microsoft said that it found no evidence of access to production services or customer data, or its systems being used to attack others.

Microsoft, however, said that the SolarWinds attackers were able to view Microsoft's source code but had been unable to modify any code or engineering systems. “At Microsoft, we have an inner source approach – the use of open source software development best practices and an open source-like culture – to making source code viewable within Microsoft,” the company said. “This means we do not rely on the secrecy of source code for the security of products, and our threat models assume that attackers have knowledge of source code. So viewing source code isn’t tied to elevation of risk.”

0 Comments

Your comment will be posted after it is approved.


Leave a Reply.

    Author

    Steve E. Driz, I.S.P., ITCP

    Picture
    View my profile on LinkedIn

    Archives

    January 2023
    December 2022
    June 2022
    May 2022
    February 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    June 2017
    May 2017
    April 2017
    March 2017
    February 2017
    January 2017
    December 2016
    October 2016
    August 2016
    May 2016
    March 2016
    January 2016
    November 2015
    October 2015
    August 2015
    June 2015

    Categories

    All
    0-Day
    2FA
    Access Control
    Advanced Persistent Threat
    AI
    Artificial Intelligence
    ATP
    Awareness Training
    Botnet
    Bots
    Brute Force Attack
    CASL
    Cloud Security
    Compliance
    COVID 19
    COVID-19
    Cryptocurrency
    Cyber Attack
    Cyberattack Surface
    Cyber Awareness
    Cyber Espionage
    Cybersecurity
    Cyber Security
    Cyber Security Consulting
    Cyber Security Insurance
    Cyber Security Risk
    Cyber Security Threats
    Data Breach
    Data Governance
    Data Leak
    Data Leak Prevention
    DDoS
    Email Security
    Fraud
    GDPR
    Hacking
    IoT
    Malware
    MFA
    Microsoft Office
    Mobile Security
    Network Security Threats
    Phishing Attack
    Privacy
    Ransomware
    Remote Access
    SaaS Security
    Social Engineering
    Supply Chain Attack
    Supply-Chain Attack
    Third-Party Risk
    Virtual CISO
    Vulnerability
    Vulnerability Assessment
    Web Applcation Security
    Web-applcation-security
    Web Application Firewall
    Web Application Protection
    Web Application Security
    Web Protection
    Windows Security
    Zero Trust

    RSS Feed

Picture

1.888.900.DRIZ (3749)

Managed Services

Picture
Web Application Security
​Virtual CISO
Compliance
​Vulnerability Assessment
Free Vulnerability Assessment
Privacy Policy | CASL

About us

Picture
Testimonials
​Meet the Team
​Subsidiaries
​Contact us
​Blog
​
Jobs

Resources & Tools

Picture
​Incident Management Playbook
Sophos authorized partner logo
Picture
© 2023 Driz Group Inc. All rights reserved.
Photo used under Creative Commons from GotCredit